Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap
1 Assignment
0 Petitions
Accused Products
Abstract
A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communication transmitted thereon, a communication interface supporting wireless communication over the wireless computer network and a system processor. Configuration data associated with an access point on a wireless computer network potentially compromised by an intruder is received. Information contained within and/or derived from the received configuration data is stored. Communication with the intruder is continued by emulating the identification characteristics of the potentially compromised access point. A channel change request is transmitted to the potentially compromised access point to reroute communication between the potentially compromised access point and authorized stations such that communications may continue on a different channel.
116 Citations
44 Claims
-
1-15. -15. (canceled)
-
16. A method for wireless intrusion protection, comprising:
-
outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted;
defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy;
deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy;
deploying a host system on the network;
monitoring wireless signals in the airspace using said one or more sensor devices;
determining whether a wireless signal is intended to communicate to said at least one portion of the network;
detecting a violation of the security policy based at least upon the determining step and the monitoring step;
automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A wireless intrusion protection system, comprising:
-
one or more monitoring modules deployed within a physical region proximate to a network, the physical region comprising an airspace through which wireless signals propagate, the one or more sensor devices implementing a security policy defining at least a type of activity which comprises a violation of the security policy and being configured to protect the network, and to provide an indication of the violation;
a host module configured to communicate with the one or more monitoring modules regarding security policy for the network to be protected, and to provide central management for the one or more monitoring modules, individually or collectively;
wherein the one or more monitoring modules are configured to receive wireless signals propagating in the airspace and to apply the security policy to determine whether any of the wireless signals are associated with violations of the security policy;
a protection module configured perform an action responsive to the indication of the security violation in accordance with the security policy. - View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43)
-
-
44. Computer readable storage media storing instructions that upon execution by a system processor causes the system processor to perform steps comprising:
-
outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted;
defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy;
deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy;
deploying a host system on the network;
monitoring wireless signals in the airspace using said one or more sensor devices;
determining whether a wireless signal is intended to communicate to said at leas one portion of the network;
detecting a violation of the security policy based at least upon the determining step and the monitoring step;
automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.
-
Specification